On Wed, Feb 21, 2024 at 06:31:42PM -0500, Paul Moore wrote: > On Wed, Feb 21, 2024 at 4:26 PM Seth Forshee (DigitalOcean) > <sforshee@xxxxxxxxxx> wrote: > > > > In preparation for moving fscaps out of the xattr code paths, add new > > security hooks. These hooks are largely needed because common kernel > > code will pass around struct vfs_caps pointers, which EVM will need to > > convert to raw xattr data for verification and updates of its hashes. > > > > Signed-off-by: Seth Forshee (DigitalOcean) <sforshee@xxxxxxxxxx> > > --- > > include/linux/lsm_hook_defs.h | 7 +++++ > > include/linux/security.h | 33 +++++++++++++++++++++ > > security/security.c | 69 +++++++++++++++++++++++++++++++++++++++++++ > > 3 files changed, 109 insertions(+) > > One minor problem below, but assuming you fix that, this looks okay to me. > > Acked-by: Paul Moore <paul@xxxxxxxxxxxxxx> > > > diff --git a/security/security.c b/security/security.c > > index 3aaad75c9ce8..0d210da9862c 100644 > > --- a/security/security.c > > +++ b/security/security.c > > @@ -2351,6 +2351,75 @@ int security_inode_remove_acl(struct mnt_idmap *idmap, > > ... > > > +/** > > + * security_inode_get_fscaps() - Check if reading fscaps is allowed > > + * @dentry: file > > You are missing an entry for the @idmap parameter. Fixed, thanks!
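Review bot: In the kernel-doc for security_inode_get_fscaps(), apart from the missing @idmap entry already raised, "@dentry: file" is too terse to say which object the hook checks; describe it as the dentry of the file whose fscaps are being read. The commit message says several hooks are added and the rest of this hunk is elided here, so check that each new kernel-doc block carries one entry per function parameter before resending.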